Yes, MVM can detect Windows 7 systems. Windows systems in general (and Windows Vista, Windows 7 and Windows Server 2008 in particular) are extremely similar from a remote identification perspective. As with all versions of Windows (and all operating systems in general), we stand a better chance of correct identification if more ports and more data are available. For Windows, having TCP port 445 open is the best bet at accurate identification. Using credentials is of course the ultimate method.
on 11/3/09 9:41 AM
When you say Vista, 7 and 2008 are extremely similar from a remote identification perspective, won't it increase the probability of mismatch if authentication is unavailable?
Yes, it will. They are "similar" as their implemented TCP/IP stack is almost identical. You can also integrate ePO as a data source within Foundstone to pull accurate OS information. Another good idea is to keep your custom OS fingerprints 100% up to date. You should be checking them monthly and knocking out as many unknowns as possible.
Team McAfee at Ciphent
You mention the best way is through TCP port 445, but which services need to be enabled for MVM to be able to gather as much information as possible? I know MVM uses the WMI and Remote Registry services to authenticate, but do you need both enabled? I believe by default Windows 7 has the startup type set to manual on these, but I could be wrong. Anyway, just curious what McAfee suggests or if someone could point me to a KB or something that'd be great.